FULL of Spywares..
January 30th, 2020
but the problem is that i can’t delete them..
already tried Ad-Aware , and Spyware Doctor.. none of them worked
every time that i open a Folder it says : Your Windows is infected..you are Recommended to download a Anti-Spyware Program..
and i don’t wanna Format my PC either.
Help please…
Please download the current version of HijackThis from here.
http://download.bleepingcomputer.com/hijackthis/HJTInstall.exe
- Double click and run the installer.
- It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
- After installing, you should get the user agreement, press accept and Hijack This will run.
- Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.
Try Rogue Remover from MalwareBytes it worked for me
http://www.malwarebytes.org/rogueremover.php
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:42:23 PM, on 11/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\~ Disallowed ~.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\VM305_STI.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: WinIss - {17D562A6-DA3D-4F87-B659-86CD06473AB5} - C:\WINDOWS\system32\dzhoil.dll
O4 - HKLM\..\Run: [~ Disallowed ~] C:\WINDOWS\system32\~ Disallowed ~.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FD1A302-174E-4955-AAE3-4E114B50991D}: NameServer = 213.163.97.5 213.163.97.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FD1A302-174E-4955-AAE3-4E114B50991D}: NameServer = 213.163.97.5 213.163.97.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{0FD1A302-174E-4955-AAE3-4E114B50991D}: NameServer = 213.163.97.5 213.163.97.10
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 5118 bytes
- Open HijackThis
- Choose “Do a system scan only”
- Check the boxes in front of these lines:
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html O2 – BHO: WinIss – {17D562A6-DA3D-4F87-B659-86CD06473AB5} – C:\WINDOWS\system32\dzhoil.dll O4 – HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe - Press “Fix Checked”
- Close Hijack This.
Delete these two files:
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\dzhoil.dll
===
Next, 1. Download combofix from here
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double click combofix.exe & follow the prompts to install the recovery console.
3. When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick combofix’s window whilst it’s running. That may cause it to stall.
Try What Said If Not Works Use System Restore
system restore should be the way to go. however it is possible that this spyware caused system restorer to deactivate. if so format
thank ya all..
hijack this helped me..